Version information
This version is compatible with:
- Puppet Enterprise 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x
- Puppet >= 5.5.8 < 7.0.0
- SLES, Archlinux , , ,
This module has been deprecated by its author since Oct 30th 2020.
The reason given was: This module has been migrated to Vox Pupuli
The author has suggested puppet-chrony as its replacement.
Start using this module
Documentation
puppet-chrony
Table of Contents
- Overview
- Module Description - What the module does and why it is useful
- Setup - The basics of getting started with chrony
- Usage - Configuration options and additional functionality
- Reference - An under-the-hood peek at what the module is doing and how
- Limitations - OS compatibility, etc.
Overview
Chrony Puppet Module
Manage chrony time daemon on Archlinux and Redhat
Module Description
The Chrony module handles running chrony in Archlinux and Redhat systems with systemd.
Setup
What chrony affects
- chrony package.
- chrony configuration file.
- chrony key file.
- chrony service.
Requirements
- Puppet 4.6.1 or later. Puppet 3 was supported up until release 0.2.0.
Beginning with chrony
include '::chrony' is all you need to get it running. If you wish to pass in parameters like which servers to use then you can use:
class { '::chrony':
servers => ['ntp1.corp.com', 'ntp2.corp.com' ],
}
Usage
All interaction with the chrony module can be done through the main chrony class.
I just want chrony, what's the minimum I need?
include '::chrony'
I just want to tweak the servers, nothing else.
class { '::chrony':
servers => [ 'ntp1.corp.com', 'ntp2.corp.com', ],
}
I'd like to make sure a secret password is used for chronyc:
class { '::chrony':
servers => [ 'ntp1.corp.com', 'ntp2.corp.com', ],
chrony_password => 'secret_password',
}
I'd like to use NTP authentication:
class { '::chrony':
keys => [
'25 SHA1 HEX:1dc764e0791b11fa67efc7ecbc4b0d73f68a070c',
],
servers => {
'ntp1.corp.com' => ['key 25', 'iburst'],
'ntp2.corp.com' => ['key 25', 'iburst'],
},
}
I'd like chronyd to auto generate a command key at startup:
class { '::chrony':
chrony_password => 'unset',
config_keys_manage => false,
}
Allow some hosts
class { '::chrony':
queryhosts => [ '192.168/16', ],
}
Reference
Classes
- chrony: Main class, includes all the rest.
- chrony::install: Handles the packages.
- chrony::config: Handles the configuration and key file.
- chrony::service: Handles the service.
Parameters
The following parameters are available in the chrony module
bindcmdaddress
Array of addresses of interfaces on which chronyd will listen for monitoring command packets (defaults to localhost).
chrony_password
This sets the chrony password to be used in the key file. By default a short fixed string is used. If set explicitly to 'unset' then no password will setting will be added to the keys file by puppet.
commandkey
This sets the key ID used by chronyc to authenticate to chronyd.
config
This sets the file to write chrony configuration into.
config_template
This determines which template puppet should use for the chrony configuration.
config_keys
This sets the file to write chrony keys into.
config_keys_owner
Specify unix owner of chrony keys file, defaults to 0.
config_keys_group
Specify unix group of chrony keys files, defaults to 0 on ArchLinux and chrony on Redhat.
config_keys_mode
Specify unix mode of chrony keys files, defaults to 0644 on ArchLinux and 0640 on Redhat.
config_keys_template
This determines which template puppet should use for the chrony key file.
keys
An array of key lines. These are printed as-is into the chrony key file.
local_stratum
Override the stratum of the server which will be reported to clients when the local reference is active. Defaults to 10
log_options
Specify which information is to be logged.
package_ensure
This can be set to 'present' or 'latest' or a specific version to choose the chrony package to be installed.
package_name
This determines the name of the package to install.
peers
This selects the servers to use for NTP peers (symmetric association). It is an array of servers.
servers
This selects the servers to use for NTP servers. It can be an array of servers or a hash of servers to their respective options.
refclocks
This should be a Hash of hardware reference clock drivers to use. They hash can either list a single list of options for the driver, or any array of multiple options if the same driver is used for multiple hardware clocks.
Example:
refclocks = { 'PPS' => [ '/dev/pps0 lock NMEA refid GPS',
'/dev/pps1:clear refid GPS2' ],
'SHM' => '0 offset 0.5 delay 0.2 refid NMEA noselect' }
makestep_updates
, makestep_seconds
This configures the makestep
parameter of chronyd
.
Usually, chronyd
never steps the time, but applies a slew
after the initial synchronization.
This setting configures for how many updates the time may be stepped
if the adjustment is larger than specified seconds.
For virtual machines which are suspended and resumed for a prolonged time,
stepping the time may be wanted. In this case, set makestep_updates
to -1
to allow stepping the time for any update.
queryhosts
This adds the networks, hosts that are allowed to query the daemon.
service_enable
This determines if the service should be enabled at boot.
service_ensure
This determines if the service should be running or not.
service_manage
This selects if puppet should manage the service in the first place.
service_name
This selects the name of the chrony service for puppet to manage.
mailonchange
Specify the mail you wanna alert when chronyd execute a sync grater than threshold.
threshold
Specify the time limit for triggering events.
lock_all
Force chrony to only use RAM & prevent swapping.
Limitations
This module has been built on and tested against Puppet 3.2.3 and higher.
The module has been tested on:
- Arch Linux
- Red Hat
- Debian (9)
- Suse 12.3
Changelog
All notable changes to this project will be documented in this file.
v0.2.5 (2019-04-25)
Merged pull requests:
- Add support for pools [#37|(https://github.com/aboe76/puppet-chrony/pull/37) (giggsey)
v0.2.4 (2019-01-07)
Merged pull requests:
v0.2.3 (2018-10-05)
Merged pull requests:
v0.2.2 (2018-09-26)
Merged pull requests:
- add log_options for logging support #31 (Warblefly)
- Add configuration of clientlog and clientloglimit. #30 (olifre)
- Implement "makestep" config parameter. #27 (olifre)
- add debian in readme tested os #26 (othalla)
v0.2.1 (2018-05-26)
Merged pull requests:
v0.2.0 (2018-05-12)
Merged pull requests:
- Adding Debian support #23 (othalla)
- Add OS support in Metadata & use contain instead of anchor #22 (othalla)
- improve CI & test with puppet 4/5 #21 (othalla)
- Add refclocks configuration parameter #17 (islepnev)
v0.1.2 (2017-10-31)
Merged pull requests:
- Removed unsupported options #15 (4N7)
- Remove unsupported options #14 (4N7)
- make sure we iterate predictable over the hash #11 (duritong)
- Make keys more configurable #10 (roysjosh)
v0.1.1(2016-03-11)
- Allow chrony to create its own keys in chrony.keys
- configure owner,group and mode of chrony keys file
- test will run now
- skip older ruby version in test
- small fixes for travis
v0.1.0(2015-03-08)
- fix future parser
v0.0.9(2014-10-19)
- Secure default installation
- fix travis
- queryhost should be empty
- basic set of tests running
v0.0.8(2014-07-17)
- Fix key params
- chrony.keys not world readable
v0.0.7(2014-06-09)
- Fix path for config_key
- Set Red Hat chrony params
- Fix template Red Hat
v0.0.6(2014-04-27)
- Add Red Hat support
- Add chrony params with queryhost
- Fix build
v0.0.5(2013-03-21)
- Add license
v0.0.4(2013-06-20)
- Fix travis button and testing
v0.0.3(2013-06-20)
- Update Readme and spec test
v0.0.2(2013-06-19)
- Update module forge with more information
v0.0.1(2013-06-19)
- First release on forge
Copyright 2013 Niels Abspoel Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.